433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | [email protected] | Office: (656) 236-3022

Dashlane launches new Dark Web Insights tool, MFA authenticator app, small biz Starter plan

Password manager vendor Dashlane has announced updates to its suite of enterprise offerings. These include a new Dark Web Insights tool that provides a breakdown of compromised passwords, a standalone authenticator app for enabling account multi-factor authentication (MFA), and a low-cost starter plan for small businesses. The firm has also introduced new live phone support service whereby users can request and book a call directly with Dashlane’s support team. Breached employee credentials on dark web pose significant threat to businesses In a press release, Dashlane stated that its new Dark Web Insights tool “continuously scans” more than 20 billion records attached to hacks or data breaches on the dark web, providing users with a bespoke breakdown of compromised passwords across their organization. Dark Web Insights also provides admins the ability to scan their organization for incidences of breached credentials and invite non-Dashlane using, breached employees to begin using Dashlane through built-in seat provisioning. The firm said that, by pairing this alert function with the ability to generate new, random, and unique passwords, admins can take action quickly once alerted about compromised credentials. To read this article in full, please click here
http://news.poseidon-us.com/SZcMTf

New hires won’t fix the AI skills gap

With internal training strategies, companies can meet highly sought-after talent needs while making use of employees’ business expertise.
http://news.poseidon-us.com/SZc93W

5 reasons why security operations are getting harder

Recent ESG research reveals that 52% of security professionals believe security operations are more difficult today than they were two years ago. Why? Security operations center (SOC) teams point to issues such as: * A rapidly evolving and changing threat landscape: Forty-one percent of security professionals find it difficult to understand and counteract modern threats like ransomware or supply chain attacks and then build this knowledge into a comprehensive security operations program. Most react to threats and indicators of compromise (IoCs) rather than study cyber-adversaries and plan ahead. * A growing attack surface: This issue came up with 39% of respondents, but attack surface challenges are no surprise. Other ESG research indicates that the attack surface is growing at two-thirds (67%) of organizations, driven by third-party IT connections, support for remote workers, increased public cloud usage, and adoption of SaaS applications. A growing attack surface means more work, vulnerabilities, and blind spots for SOC teams. Little wonder then why 69% of organizations admit to a cyber-incident emanating from an unknown, unmanaged, or poorly managed internet-facing asset. * The volume and complexity of security alerts: We’ve all heard about “alert storms” and “alert fatigue.” Based on the ESG data, these conditions aren’t just marketing hype, as 37% of SOC teams say that alert volume and complexity is making security operations more difficult. It’s easy to understand this one: Imagine viewing, triaging, prioritizing, and investigating a constant barrage of amorphous security alerts from a variety of different detection tools and you’ll get the picture. Seems overwhelming but that’s the reality for level 1 SOC analysts at many organizations. * Public cloud usage: Beyond just expanding the attack surface, more than one-third (34%) say that security operations are more difficult as a direct result of growing use of the public cloud. This is not just a numbers game. Securing cloud workloads is difficult due to multi-cloud deployment, ephemeral cloud instances, and developer use of new cloud services that security teams may be unfamiliar with. Chasing cloud evolution and associated software developer whims has become part of the job. * Keeping up with the care and feeding of security technologies: More than half (54%) of organizations use more than 26 different commercial, homegrown, or open-source tools for security operations. The burden of managing and maintaining all these disparate technologies alone can be difficult. This is one reason why many firms are replacing on-site security tools with cloud-based alternatives. Growing scale complicates security operations In analyzing this data, it’s easy to see a common theme across these different responses – scale. Everything is growing – threats, IT, alerts, tools, everything. The research illustrates the fact that we don’t have the people, processes, or technologies to keep up with these scaling needs. To read this article in full, please click here
http://news.poseidon-us.com/SZbthH

US CISA reaches a new maturity level with its comprehensive strategic plan

On November 16, 2018, the awkwardly named National Protection and Programs Directorate (NPPD) at the US Department of Homeland Security (DHS) emerged as a full-fledged agency called the Cybersecurity and Infrastructure Security Agency (CISA). Since then, CISA has been the federal government agency for bolstering cybersecurity and infrastructure protection across the federal government and setting the example for the private sector to follow suit. Under the auspices of its first director, Chris Krebs, and current director, Jen Easterly, CISA has tackled many serious cybersecurity problems, from supply chain infections to crippling ransomware attacks. Last month, CISA took a significant step forward to achieving its goals by releasing its first comprehensive strategic plan, an overarching agenda of priorities for 2023 to 2025. (CISA did release in 2019 a “strategic intent” document, upon which the strategic plan builds.) To read this article in full, please click here
http://news.poseidon-us.com/SZbtTJ

More IcedID, (Wed, Oct 5th)

[This is a guest diary we received from Gunter Der]
http://news.poseidon-us.com/SZYM4r

CISA orders federal agencies to regularly perform IT asset discovery, vulnerability enumeration

A new directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) is ordering US federal civilian agencies to perform regular asset discovery and vulnerability enumeration, to better account for and protect the devices that reside on their networks. About the Directive “Over the past several years, CISA has been working urgently to gain greater visibility into risks facing federal civilian networks, a gap made clear by the intrusion campaign targeting SolarWinds devices,” the agency … More → The post CISA orders federal agencies to regularly perform IT asset discovery, vulnerability enumeration appeared first on Help Net Security.
http://news.poseidon-us.com/SZY6fp

Tenable’s CIO pushes resource optimization as company pursues $1B in revenue

Technology veteran Patricia Grant is joining the cybersecurity company amid sustained industry growth. Her challenge now is to help Tenable scale.
http://news.poseidon-us.com/SZXw19

7 cybersecurity audiobooks you should listen to this year

Audiobooks have gained enormous popularity among book lovers for a variety of factors, including their convenience, which enables listeners to learn while running errands or traveling. Here’s a list of cybersecurity audiobooks that are worthy of your time. Cybersecurity: The Insights You Need from Harvard Business Review Author: Harvard Business Review This book brings you today’s most essential thinking on cybersecurity, from outlining the challenges to exploring the solutions, and provides you with the critical … More → The post 7 cybersecurity audiobooks you should listen to this year appeared first on Help Net Security.
http://news.poseidon-us.com/SZX7YC

After Log4j and SolarWinds, CISA tells agencies to routinely scan networks for devices, potential bugs

CISA is kicking off cybersecurity awareness month with a new binding operational directive for agencies.
http://news.poseidon-us.com/SZTnsl